Penetration Testing mailing list archives
RE: IE7 add-on
From: "Robert S. Slifkin" <rob () SLIFKIN NET>
Date: Thu, 07 Feb 2008 14:32:47 -0500
That does sound like a risk waiting to be exploited. However, if you log off of websites properly, that would greatly mitigate the risk.

____________________________________
Robert S. Slifkin
Email: Rob () slifkin net
Phone: 203.962.3878

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jason_jones98 () hotmail com
Sent: Thursday, February 07, 2008 9:34 AM
To: pen-test () securityfocus com
Subject: IE7 add-on

Hi.

I have just loaded the IE7 add-on 'open-last-tab'. Has anyone else had a play with this? From initial results I have found this to be a great 'man-in-the-middle' attack tool.

Example on bank site (no names):
Log into your bank, open another tab within the window, i.e. Google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens.

I have also attempted this on other applications and the majority work.

Can someone advise if M$ have provided us with a great MITM plug-in tool?

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Current thread:
- IE7 add-on jason_jones98 (Feb 07)
- Re: IE7 add-on Adam Thompson (Feb 10)
- RE: IE7 add-on Robert S. Slifkin (Feb 10)
- Re: IE7 add-on Dave Howe (Feb 10)
- <Possible follow-ups>
- Re: IE7 add-on Shaon Diwakar (Feb 10)